PT-2019-12355 · Softing · Uagate Si
Djo
·
Publicado
2019-10-10
·
Atualizado
2021-07-21
·
CVE-2019-11526
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Softing uaGate SI version 1.60.01
Description
An issue was discovered that allows file path injection via a maintenance script executable with sudo privileges. This enables an attacker to write files with superuser privileges in specific locations.
Recommendations
For Softing uaGate SI version 1.60.01, consider restricting access to the maintenance script to prevent exploitation until a fix is available. As a temporary workaround, limit the use of sudo privileges for the script to minimize the risk of file path injection.
Exploit
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Uagate Si